WIP: Reversed addresses of config locations

This commit is contained in:
DataHoarder 2020-12-23 15:00:26 +01:00
parent 78fd5716b3
commit a40bcbd559


@ -90,15 +90,15 @@ void patchImage(const std::string& originalImage, const std::string& settingsFil
}
auto imageObject = ImageFormat::fromBytes(bytes);
Configuration& config = imageObject.getModifiableBootConfig();
std::ifstream settings(settingsFile);
if(settings.is_open()) {
Configuration config;
std::string line;
while (!settings.eof()) {
std::getline(settings, line);
config.addEntry(line);
imageObject.getModifiableBootConfig().addEntry(line);
}
//Do patch
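Review bot: The new `config.addEntry(line)` call sits inside a `while (!settings.eof())` loop, so on a settings file that ends with a newline the final `std::getline` fails, `line` comes back empty, and an empty entry is fed into the image's boot config (the config is now a reference into `imageObject`, so this lands in the patched image rather than in a discarded local). Testing the stream instead of `eof()` avoids that: `while (std::getline(settings, line)) { config.addEntry(line); }`. Whether an empty line is harmless presumably depends on what `addEntry` does with it, which is not visible here; the settings file is external input to the patcher, so it is worth being strict. `patchImage` begins before this hunk.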
@ -112,6 +112,73 @@ void patchImage(const std::string& originalImage, const std::string& settingsFil
imageObject.imageSignature += " :: Patched by rrcSmall :: git.gammaspectra.live/FM10K/rrcSmall";
}
// =========== Patching Starts ===========
/*
For example, assume that the company ID is (Intel) 00-A0-C9 and the extension identifier is 23-45-67.
The register then contains:
PCIE_CFG_SPD_NUMBER_L = 0xFF234567 PCIE_CFG_SPD_NUMBER_H = 0x00A0C9FF
http://standards.ieee.org/regauth/oui/tutorials/EUI64.html
*/
// @0x1000 LOAD 9x2 entries @ 0x120053/0x120054 + 0x100028/0x100029 BSM_SCRATCH[0x141]-BSM_SCRATCH[0x142] PCIE_CFG_SPD_NUMBER_L SerialNumber and PCIE_SM_AREA.SerialNumber
//
// @0x1054 LOAD 8 entries api.platform.config.switch.0.bootCfg.customMac.0-4
//
// 0x1408 LOAD 1 = 0x0 ???? BSM_SCRATCH[0x150] IF 1: JUMP 0x0814c8 ELSE: INIT DATA? call SBUS_PCIE_REQUEST
//
// 0x8000 LOAD PEP? device config
//
// 0x871c LOAD device config
// 0x8e38 LOAD device config
//
// 0x9000 LOAD 1 api.platform.config.switch.0.bootCfg.systimeClockSource
// 0x9010 LOAD 1 api.platform.config.switch.0.bootCfg.pep.0.mode
// 0x9020 LOAD 1 api.platform.config.switch.0.bootCfg.pep.2.mode
// 0x9030 LOAD 1 api.platform.config.switch.0.bootCfg.pep.4.mode
// 0x9040 LOAD 1 api.platform.config.switch.0.bootCfg.pep.6.mode
// 0x9050 LOAD 1 api.platform.config.switch.0.bootCfg.pep.0.enable
// 0x9060 LOAD 1 api.platform.config.switch.0.bootCfg.pep.1.enable
// 0x9070 LOAD 1 api.platform.config.switch.0.bootCfg.pep.2.enable
// 0x9080 LOAD 1 api.platform.config.switch.0.bootCfg.pep.3.enable
// 0x9090 LOAD 1 api.platform.config.switch.0.bootCfg.pep.4.enable
// 0x90a0 LOAD 1 api.platform.config.switch.0.bootCfg.pep.5.enable
// 0x90b0 LOAD 1 api.platform.config.switch.0.bootCfg.pep.6.enable
// 0x90c0 LOAD 1 api.platform.config.switch.0.bootCfg.pep.7.enable
// 0x90d0 LOAD 1 api.platform.config.switch.0.bootCfg.pep.8.enable
// 0x90e0 LOAD 1 = 0x0 ???? (0-index) IF 1: GPIO_DATA.data[14] = 0 (drive to gnd), GPIO_CFG.Dir[14] = 1 (output), GPIO_CFG.OpenDrain[14] = 1 (open drain)
// (BSM_SCRATCH[0x149] = 0x00084000)
// 0x90f0 LOAD 1 = 0x0 api.platform.config.switch.0.bootCfg.spiTransferMode BSM_SCRATCH[0x149] |= value << 30
// 0x9100 LOAD 1 = 0x7 api.platform.config.switch.0.bootCfg.spiTransferSpeed BSM_SCRATCH[0x149] |= value << 27
// (BSM_ARGS = BSM_SCRATCH[0x149])
// 0x9110 LOAD 1 = 0x1 ???? do pcie init? IF 0: JUMP 0x081b78: OTHERWISE BIG BLOCK INIT?
// 0x9120 LOAD 1 = 0x0 ???? IF 0: SOFT_RESET.EPLReset = 0, SOFT_RESET.SwitchReset = 0 (RESET) ELSE: JUMP 0x080464
//
// 0x9130 LOAD 9 api.platform.config.switch.0.bootCfg.pep.0.numberOfLanes
// 0x9160 LOAD 9 0, 4, 0, 4 ... ???? BSM_SCRATCH[0x13d]
// 0x9190 LOAD 9 = 0x0 ???? BSM_SCRATCH[0x13e] IF NOT 0: BAR4allowed = 0 ELSE (OPTION 0x92c0)
// 0x91c0 LOAD 9 ???? BSM_SCRATCH[0x13f] IF 0: JUMP 0x084da0 ELSE: PCIE_CTRL.RxLaneflipEn = 1
// ==0x91f0 LOAD 9 bar4Allowed + api.platform.config.switch.0.bootCfg.mgmtPep
// ==0x9230 LOAD 9 vendor/device
// ==0x9260 LOAD 9 subVendor/subDevice
// 0x9290 LOAD 9 = 0x0 ???? Set TEST settings? PCIE_PORTLOGIC BSM_SCRATCH[0x146] IF 1: JUMP 0x084d94, else (OPTION 0x9190)
// 0x92c0 LOAD 9 = 0x0 ???? BSM_SCRATCH[0x15a] IF 0: init SR_IOV something?
// 0x92f0 LOAD 9 api.platform.config.switch.0.bootCfg.pep.0.gen
// 0x9320 LOAD 9 = 9x 0x000000FF ???? BSM_SCRATCH[0x155], (val & 0x000000ff) << 0x10 something PCIe value?
// 0x9350 LOAD 9 ???? BSM_SCRATCH[0x17e], (val & 0x000000ff) something PCIe value?
// 0x9380 LOAD 9 api.platform.config.switch.0.bootCfg.pep.0.ASPMEnable BSM_SCRATCH[0x17f] IF NOT 0: JUMP ELSE SET PCIE_CFG_PCIE_LINK_CAP.ActiveStateLinkPMSupport = 0
//
// 0x93b0 LOAD 1 = 0x00 ???? IF 0: JUMP 0x080d38 ELSE WRITE BSM_SCRATCH[0x1b0] = 0x41000c ???? DEAD code?
// 0x93c0 LOAD 1 = 0x492550f0 PCIE_CLK_CTRL |= (value & 0xfffff0f0)
// 0x93cc LOAD 1 = 0x0000000f PCIE_CLK_CTRL_2 = value & 0xf
// 0x93d8 LOAD 1 = 0x00000064 PCIE_WARM_RESET_DELAY = value
// 0x93e4 LOAD 1 = 0x00010005 PCIE_CLKMON_RATIO_CFG = value
// 0x93f0 LOAD 1 = 0x000f000a PCIE_CLKMON_TOLERANCE_CFG = value
// 0x93fc LOAD 1 = 0x000a03e8 PCIE_CLKMON_DEADLINES_CFG = value
auto baseOffsets = std::vector<uint32_t>{imageObject.getHeader().baseAddress, (uint32_t) imageObject.getHeader().baseAddress + 0x40000}; //Target first and second bank
{
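Review bot: The `==` prefix on the 0x91f0, 0x9230 and 0x9260 lines of the new address map is never explained, although 0x9230 and 0x9260 are exactly the LOADs the patch code further down rewrites from the settings file; a one-line legend above the map would make that intent explicit, e.g. `// "==" marks LOADs that the patching code below rewrites from the settings file; "????" marks entries whose meaning is still unknown.` If 0x91f0 is also patched that happens outside this view, so the legend should be worded to match what the code actually does. The same block spells the same flag as `BAR4allowed` on the 0x9190 line and `bar4Allowed` on the 0x91f0 line; picking one spelling helps when grepping the notes against the patch code.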
@ -140,6 +207,62 @@ void patchImage(const std::string& originalImage, const std::string& settingsFil
}
}
{
for(auto baseOffset : baseOffsets){
auto& instruction = imageObject.findInstructionByAddress(baseOffset + 0x9230);
if(instruction != nullptr && instruction->getCommand() == Instruction::Instruction::CommandOp::LOAD) {
auto &load = reinterpret_cast<std::unique_ptr<Instruction::Load> &>(instruction);
if (load->address == (uint32_t) getScratchRegister(0x049) && load->data.size() == 9) {
for(uint32_t pepOffset = 0; pepOffset < 9; ++pepOffset){
std::stringstream key;
key << "api.platform.config.switch.0.bootCfg.pep." << std::dec << pepOffset << ".vendorId";
auto vendorIdEntry = config.getEntry(key.str());
if(vendorIdEntry.type == Configuration::ConfigurationNode::Type::ValueInt && !vendorIdEntry.value.empty()) {
uint16_t vendorId = vendorIdEntry.getInteger();
key.str("");
key << "api.platform.config.switch.0.bootCfg.pep." << std::dec << pepOffset << ".deviceId";
auto deviceIdEntry = config.getEntry(key.str());
if(deviceIdEntry.type == Configuration::ConfigurationNode::Type::ValueInt && !deviceIdEntry.value.empty()) {
uint16_t deviceId = deviceIdEntry.getInteger();
load->data[pepOffset] = ((uint32_t)deviceId << 16) | vendorId;
}
}
}
}
}
}
}
{
for(auto baseOffset : baseOffsets){
auto& instruction = imageObject.findInstructionByAddress(baseOffset + 0x9260);
if(instruction != nullptr && instruction->getCommand() == Instruction::Instruction::CommandOp::LOAD) {
auto &load = reinterpret_cast<std::unique_ptr<Instruction::Load> &>(instruction);
if (load->address == (uint32_t) getScratchRegister(0x052) && load->data.size() == 9) {
for(uint32_t pepOffset = 0; pepOffset < 9; ++pepOffset){
std::stringstream key;
key << "api.platform.config.switch.0.bootCfg.pep." << std::dec << pepOffset << ".subVendorId";
auto subVendorIdEntry = config.getEntry(key.str());
if(subVendorIdEntry.type == Configuration::ConfigurationNode::Type::ValueInt && !subVendorIdEntry.value.empty()) {
uint16_t subVendorId = subVendorIdEntry.getInteger();
key.str("");
key << "api.platform.config.switch.0.bootCfg.pep." << std::dec << pepOffset << ".subDeviceId";
auto subDeviceIdEntry = config.getEntry(key.str());
if(subDeviceIdEntry.type == Configuration::ConfigurationNode::Type::ValueInt && !subDeviceIdEntry.value.empty()) {
uint16_t subDeviceId = subDeviceIdEntry.getInteger();
load->data[pepOffset] = ((uint32_t)subDeviceId << 16) | subVendorId;
}
}
}
}
}
}
}
// =========== Patching Ends ===========
std::ofstream patchedImage(patchedImageFile);
if(patchedImage.is_open()) {
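Review bot: `uint16_t vendorId = vendorIdEntry.getInteger();` (and the same pattern for deviceId, subVendorId and subDeviceId) silently truncates whatever the settings file supplies, so a mistyped or out-of-range ID such as 0x18086 is written into the image as 0x8086 and no one is told; since these values end up in the firmware's PCIe config, the read should reject anything outside 0..0xFFFF instead of narrowing it. The two 0x9230/0x9260 blocks are otherwise line-for-line identical apart from the instruction offset, scratch index and key suffixes, so the range check only has to be written once if the blocks are folded into a local helper, as sketched below (this assumes `getInteger()` returns a signed integer, which is not visible here). `patchImage` continues past the end of this hunk.
```cpp
// Rewrites the 9-entry LOAD at baseOffset + instrOffset (both banks) with
// (hiKey << 16) | loKey taken from api.platform.config.switch.0.bootCfg.pep.N.*.
// Entries that are missing, not integers, or outside 0..0xFFFF leave the image value untouched.
auto patchPepIdPairs = [&](uint32_t instrOffset, uint32_t scratchIndex, const char* loKey, const char* hiKey) {
    auto readId16 = [&](uint32_t pep, const char* suffix, uint32_t& out) {
        std::stringstream key;
        key << "api.platform.config.switch.0.bootCfg.pep." << std::dec << pep << "." << suffix;
        auto entry = config.getEntry(key.str());
        if (entry.type != Configuration::ConfigurationNode::Type::ValueInt || entry.value.empty()) return false;
        const auto raw = entry.getInteger();
        if (raw < 0 || raw > 0xFFFF) return false; // refuse to silently truncate a PCI ID
        out = static_cast<uint32_t>(raw);
        return true;
    };
    for (auto baseOffset : baseOffsets) {
        auto& instruction = imageObject.findInstructionByAddress(baseOffset + instrOffset);
        if (instruction == nullptr || instruction->getCommand() != Instruction::Instruction::CommandOp::LOAD) continue;
        auto& load = reinterpret_cast<std::unique_ptr<Instruction::Load>&>(instruction);
        if (load->address != (uint32_t) getScratchRegister(scratchIndex) || load->data.size() != 9) continue;
        for (uint32_t pep = 0; pep < 9; ++pep) {
            uint32_t lo = 0, hi = 0;
            if (readId16(pep, loKey, lo) && readId16(pep, hiKey, hi)) {
                load->data[pep] = (hi << 16) | lo;
            }
        }
    }
};
patchPepIdPairs(0x9230, 0x049, "vendorId", "deviceId");
patchPepIdPairs(0x9260, 0x052, "subVendorId", "subDeviceId");
// … unchanged: Patching Ends marker and output file handling …
```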